package com.zzf.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;

@Configuration
public class WebSecurityConfig  extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception{
        http.authorizeRequests()
                .mvcMatchers("/index").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .successHandler(new MyAuthenticationSuccessHandler())//自定义登录成功处理
                .failureHandler(new MyAuthenticationFailureHandler())//自定义认证失败的处理
         ;

        //注销登录URL自定义
        http.authorizeRequests()
                .and()
                .logout()
                .logoutRequestMatcher(new OrRequestMatcher(
                    new AntPathRequestMatcher("/aa","GET"),
                    new AntPathRequestMatcher("/bb","POST")
                ));

        http.authorizeRequests()
                .and()
                .csrf().disable();

        //注销成功之后处理
        http.authorizeRequests()
                .and()
                .logout()
                .logoutSuccessHandler(new MyLogoutSuccessHandler());
    }

}
